delta/libgit2.git/tests/checkout, branch ethomson/diff_enum github.com: libgit2/libgit2.git implement GIT_CHECKOUT_DRY_RUN to allow notifications without touching the working directory 2021-04-14T20:05:47+00:00 Jochen Hunz j.hunz@anchorpoint.app 2021-04-14T20:05:47+00:00 958205a33d9e9d078f41a9a3ac04dc7c657840c7 






Make the tests pass cleanly with MemorySanitizer
2020-06-30T13:25:10+00:00

lhchavez
lhchavez@lhchavez.com

2020-06-27T19:33:32+00:00

3a197ea7ead1bc1b018eb809e92f418a00e5c3f8

This change:

* Initializes a few variables that were being read before being
  initialized.
* Includes https://github.com/madler/zlib/pull/393. As such,
  it only works reliably with `-DUSE_BUNDLED_ZLIB=ON`.





This change:

* Initializes a few variables that were being read before being
  initialized.
* Includes https://github.com/madler/zlib/pull/393. As such,
  it only works reliably with `-DUSE_BUNDLED_ZLIB=ON`.







clar: include the function name
2020-06-05T07:49:07+00:00

Edward Thomson
ethomson@edwardthomson.com

2020-06-05T07:42:38+00:00

cad7a1bad40c302fef02306708f6ce6279680cb4












checkout::index: free the index
2020-05-23T08:35:53+00:00

Edward Thomson
ethomson@edwardthomson.com

2020-05-23T08:35:53+00:00

f88e12dbe3982ce9364754198d4cdea79ff575ae












tests: checkout: fix stylistic issues and static variable
2020-05-16T12:02:42+00:00

Patrick Steinhardt
ps@pks.im

2020-05-16T12:00:11+00:00

915f88609a6685fbad1f5ad6fa7a5bb320f03138

The test case checkout::index::can_disable_pathspec_match has some
shortcomings when it comes to coding style, which didn't fit our own
coding style. Furthermore, it had an unnecessary static local variable.

The test has been refactored to address these issues.





The test case checkout::index::can_disable_pathspec_match has some
shortcomings when it comes to coding style, which didn't fit our own
coding style. Furthermore, it had an unnecessary static local variable.

The test has been refactored to address these issues.







checkout: Fix removing untracked files by path in subdirectories
2020-05-10T23:15:06+00:00

Segev Finer
segev@codeocean.com

2019-06-03T15:35:08+00:00

d62e44cb8218840a0291fb5fbb7c5106e1e35a12

The checkout code didn't iterate into a subdir if it didn't match the
pathspec, but since the pathspec might match files in the subdir we
should recurse into it (In contrast to gitignore handling).

Fixes #5089





The checkout code didn't iterate into a subdir if it didn't match the
pathspec, but since the pathspec might match files in the subdir we
should recurse into it (In contrast to gitignore handling).

Fixes #5089







tests::checkout: only examine test10 and test11.txt
2020-05-10T22:47:20+00:00

Edward Thomson
ethomson@edwardthomson.com

2020-02-02T18:01:15+00:00

8731e1f4a10a29fe819e3d3011077737e3c7df43

The checkout::index::can_disable_pathspec_match test attempts to set a
path filter of `test11.txt` and `test12.txt`, but then validates that
`test10.txt` and `test11.txt` were left unmodified.  Update the test's
path filter to match the expectation.





The checkout::index::can_disable_pathspec_match test attempts to set a
path filter of `test11.txt` and `test12.txt`, but then validates that
`test10.txt` and `test11.txt` were left unmodified.  Update the test's
path filter to match the expectation.







Create test case demonstrating checkout bug w/ pathspec match disabled
2020-05-10T22:47:20+00:00

Felix Lapalme
lapfelix@users.noreply.github.com

2020-02-02T06:00:15+00:00

24bd12c4f91f841b70bd65252aa25b221bf63eb5












Disallow NTFS Alternate Data Stream attacks, even on Linux/macOS
2019-12-10T08:01:06+00:00

Johannes Schindelin
johannes.schindelin@gmx.de

2019-09-18T12:32:05+00:00

3f7851eadca36a99627ad78cbe56a40d3776ed01

A little-known feature of NTFS is that it offers to store metadata in
so-called "Alternate Data Streams" (inspired by Apple's "resource
forks") that are copied together with the file they are associated with.
These Alternate Data Streams can be accessed via `<file name>:<stream
name>:<stream type>`.

Directories, too, have Alternate Data Streams, and they even have a
default stream type `$INDEX_ALLOCATION`. Which means that `abc/` and
`abc::$INDEX_ALLOCATION/` are actually equivalent.

This is of course another attack vector on the Git directory that we
definitely want to prevent.

On Windows, we already do this incidentally, by disallowing colons in
file/directory names.

While it looks as if files'/directories' Alternate Data Streams are not
accessible in the Windows Subsystem for Linux, and neither via
CIFS/SMB-mounted network shares in Linux, it _is_ possible to access
them on SMB-mounted network shares on macOS.

Therefore, let's go the extra mile and prevent this particular attack
_everywhere_. To keep things simple, let's just disallow *any* Alternate
Data Stream of `.git`.

This is libgit2's variant of CVE-2019-1352.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>





A little-known feature of NTFS is that it offers to store metadata in
so-called "Alternate Data Streams" (inspired by Apple's "resource
forks") that are copied together with the file they are associated with.
These Alternate Data Streams can be accessed via `<file name>:<stream
name>:<stream type>`.

Directories, too, have Alternate Data Streams, and they even have a
default stream type `$INDEX_ALLOCATION`. Which means that `abc/` and
`abc::$INDEX_ALLOCATION/` are actually equivalent.

This is of course another attack vector on the Git directory that we
definitely want to prevent.

On Windows, we already do this incidentally, by disallowing colons in
file/directory names.

While it looks as if files'/directories' Alternate Data Streams are not
accessible in the Windows Subsystem for Linux, and neither via
CIFS/SMB-mounted network shares in Linux, it _is_ possible to access
them on SMB-mounted network shares on macOS.

Therefore, let's go the extra mile and prevent this particular attack
_everywhere_. To keep things simple, let's just disallow *any* Alternate
Data Stream of `.git`.

This is libgit2's variant of CVE-2019-1352.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>







Protect against 8.3 "short name" attacks also on Linux/macOS
2019-12-10T08:01:06+00:00

Johannes Schindelin
johannes.schindelin@gmx.de

2019-09-18T13:25:02+00:00

64c612cc3e25eff5fb02c59ef5a66ba7a14751e4

The Windows Subsystem for Linux (WSL) is getting increasingly popular,
in particular because it makes it _so_ easy to run Linux software on
Windows' files, via the auto-mounted Windows drives (`C:\` is mapped to
`/mnt/c/`, no need to set that up manually).

Unfortunately, files/directories on the Windows drives can be accessed
via their _short names_, if that feature is enabled (which it is on the
`C:` drive by default).

Which means that we have to safeguard even our Linux users against the
short name attacks.

Further, while the default options of CIFS/SMB-mounts seem to disallow
accessing files on network shares via their short names on Linux/macOS,
it _is_ possible to do so with the right options.

So let's just safe-guard against short name attacks _everywhere_.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>





The Windows Subsystem for Linux (WSL) is getting increasingly popular,
in particular because it makes it _so_ easy to run Linux software on
Windows' files, via the auto-mounted Windows drives (`C:\` is mapped to
`/mnt/c/`, no need to set that up manually).

Unfortunately, files/directories on the Windows drives can be accessed
via their _short names_, if that feature is enabled (which it is on the
`C:` drive by default).

Which means that we have to safeguard even our Linux users against the
short name attacks.

Further, while the default options of CIFS/SMB-mounts seem to disallow
accessing files on network shares via their short names on Linux/macOS,
it _is_ possible to do so with the right options.

So let's just safe-guard against short name attacks _everywhere_.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>